Abstract:Abstract. Some years ago, Juels et al. introduced the first coercion-resistant Internet voting protocol. Its basic concept is still the most viable approach to address voter coercion and vote selling in Internet voting. However, one of the main open issues is its unrealistic computational requirements of the quadratic-time tallying procedure. In this paper, we examine the cause of this issue, namely the authorization of votes, and summarize the most recent proposals to perform this step in linear time. We expl… Show more
“…This scheme, however, is unsuited for practical use, due to the fact, that its performance is O(N 2 ) with N as the number of eligible voters. Therefore, a number of works have presented the improvements to the JCJ system, that preserve the coercion-resistance properties while achieving linear complexity -among others, approaches based upon group signatures [2], panic passwords [10], concurrent ballot authorization [15], anonymity sets [34] or using the voter roll [38]. Furthermore, several improvements focused on improving other shortcomings in JCJ scheme, such as addressing the issue of board flooding [26], or improving usability with using tamper-resistant smartcards [29].…”
Abstract. We show how to extend the Helios voting system to provide eligibility verifiability without revealing who voted which we call private eligibility verifiability. The main idea is that real votes are hidden in a crowd of null votes that are cast by others but are indistinguishable from those of the eligible voter. This extended Helios scheme also improves Helios towards receipt-freeness.
“…This scheme, however, is unsuited for practical use, due to the fact, that its performance is O(N 2 ) with N as the number of eligible voters. Therefore, a number of works have presented the improvements to the JCJ system, that preserve the coercion-resistance properties while achieving linear complexity -among others, approaches based upon group signatures [2], panic passwords [10], concurrent ballot authorization [15], anonymity sets [34] or using the voter roll [38]. Furthermore, several improvements focused on improving other shortcomings in JCJ scheme, such as addressing the issue of board flooding [26], or improving usability with using tamper-resistant smartcards [29].…”
Abstract. We show how to extend the Helios voting system to provide eligibility verifiability without revealing who voted which we call private eligibility verifiability. The main idea is that real votes are hidden in a crowd of null votes that are cast by others but are indistinguishable from those of the eligible voter. This extended Helios scheme also improves Helios towards receipt-freeness.
“…Under these assumptions, it is strongly resistant to coercion, and is fully verifiable by voters and observers. Several variants of JCJ/Civitas improve the usability of the aspects related to verifiability [9], [21] and coercion-resistance [11].…”
The balance between coercion-resistance, election verifiability and usability remains unresolved in remote electronic voting despite significant research over the last few years. We propose a change of perspective, replacing the requirement of coercion-resistance with a new requirement of coercionevidence: there should be public evidence of the amount of coercion that has taken place during a particular execution of the voting system. We provide a formal definition of coercion-evidence that has two parts. Firstly, there should be a coercion-evidence test that can be performed against the bulletin board to accurately determine the degree of coercion that has taken place in any given run. Secondly, we require coercer independence, that is the ability of the voter to follow the protocol without being detected by the coercer. To show how coercion-evidence can be achieved, we propose a new remote voting scheme, Caveat Coercitor, and we prove that it satisfies coercion-evidence. Moreover, Caveat Coercitor makes weaker trust assumptions than other remote voting systems, such as JCJ/Civitas and Helios, and has better usability properties.
We present a game-theoretic approach to coercion-resistance from the point of view of an honest election authority that chooses between various protection methods with different levels of resistance and different implementation costs. We give a simple game model of the election and propose a preliminary analysis. It turns out that, in the games that we look at, Stackelberg equilibrium for the society does not coincide with maxmin, and it is always more attractive to the society than Nash equilibrium. This suggests that the society is better off if the security policy is publicly announced, and the authorities commit to it. 3 The definition was game-based in the technical sense, i.e., the security property was defined as the outcome of an abstract game between the "verifier" and the "adversary". In this paper, we use game models to study the interaction between the actual participants of the protocol.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.